Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
packet which causes large amounts of memory use in the broker. If multiple
clients do this, an out of memory situation can occur and the system may
become unresponsive or the broker will be killed by the operating system.
The fix addresses the problem by limiting the permissible size for CONNECT
packet, and by adding a memory_limit configuration option that allows the
broker to self limit the amount of memory it uses.
The hash of new tarball is not (yet) available through download.php, so use
a locally calculated hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
systemd-237 slightly changed the README, but the hash was not updated
leading to legal-info failing. Fix it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop IW_MAKE_OPTS, passing the CC, LD, and LDFLAGS in the environment
via TARGET_CONFIGURE_OPTS is enough.
Add license file hash.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes [1]:
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_Create':
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: error: 'RPI_GLES_DefaultProfileConfig' undeclared (first use in this function); did you mean 'RPI_GLES_DeleteContext'?
device->GL_DefaultProfileConfig = RPI_GLES_DefaultProfileConfig;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RPI_GLES_DeleteContext
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:126:39: note: each undeclared identifier is reported only once for each function it appears in
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c: In function 'RPI_CreateWindow':
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:281:17: error: 'SDL_VideoDevice {aka struct SDL_VideoDevice}' has no member named 'egl_data'; did you mean 'gl_data'?
if (!_this->egl_data) {
^~~~~~~~
gl_data
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:10: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface'
wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window);
^~
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:286:26: warning: implicit declaration of function 'SDL_EGL_CreateSurface'; did you mean 'SDL_Vulkan_CreateSurface'? [-Wimplicit-function-declaration]
wdata->egl_surface = SDL_EGL_CreateSurface(_this, (NativeWindowType) &wdata->dispman_window);
^~~~~~~~~~~~~~~~~~~~~
SDL_Vulkan_CreateSurface
.../build/sdl2-2.0.7/src/video/raspberry/SDL_rpivideo.c:288:14: error: 'SDL_WindowData {aka struct SDL_WindowData}' has no member named 'egl_surface'
if (wdata->egl_surface == EGL_NO_SURFACE) {
^~
[1] http://autobuild.buildroot.net/results/9612d43b192bbb88214a11fe18f8b8da6ad10313
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tvheadend does not build on microblazeel, because of some assertion
failure in binutils:
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_divdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_udivdi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: FDE encoding in [...]/lib/gcc/microblazeel-buildroot-linux-uclibc/6.4.0/libgcc.a(_umoddi3.o)(.eh_frame) prevents .eh_frame_hdr table being created.
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: BFD (GNU Binutils) 2.29.1 assertion fail elf32-microblaze.c:1494
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: [...]/sysroot/usr/lib/Scrt1.o: probably compiled without -fPIC?
[...]/microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
Fixes:
http://autobuild.buildroot.org/results/85475885a95f23f3dbc88e5b162108a458233bc4/
[...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig
function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to
cause a denial-of-service attack or possibly have unspecified other impact
via a maliciously crafted RF64 file.
CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file
of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.
CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect memory
allocation, via a maliciously crafted CAF file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The link in /etc/systemd/system/, named dbus-org.bluez.service, pointing to
../../../../usr/lib/systemd/system/bluetooth.service has one too many ".." in
it. Likely the target was copied from the other link in
/etc/systemd/system/bluetooth.target.wants/, which is one level deeper.
Adjust link to be correct.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the BIND_PKGDIR variable instead of package/bind.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch to allow systemd to work with old "ln" versions that don't
support --relative didn't work properly in the the meson-add-wants.sh
script.
This results in all the links in systemd's "*.wants" directories being
broken, e.g.
/usr/lib/systemd/system/multi-user.target.wants/getty.target ->
../../../../usr/lib/systemd/system/getty.target
There is one too few ".." in that relative link.
The problem is that the script is called with the link name being either a
file or an existing directory. In the latter case, ln creates the link in
the directory using the name of the target. This means the link is one
level deeper than the relative link making code thinks.
The solution used is to only dirname the link, moving up a level, if it's
not a directory, to mimic ln's logic in how it creates links.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A pretty nasty difference in alignment rules between most
architectures and m68k lead pcre2 to fail building its 16-bit and
32-bit variants on m68k. This commit adds a patch that fixes that.
Fixes:
http://autobuild.buildroot.net/results/f6a45df5cb80e3fd94d57163bd28a0014a02bf4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mesa's EGL/eglplatform.h header includes X11 headers unless the flag
MESA_EGL_NO_X11_HEADERS is defined[1].
A build issue happens when mesa3d is selected as then OpenGL EGL backend
but the XCB library is not selected.
This commit tells qmake to pass the cflag MESA_EGL_NO_X11_HEADERS to
make and prevent from including the missing X headers.
The issue QTBUG-66233 is opened in the Qt tracker[1].
Fixes:
In file included from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/egl.h:39:0,
from qsgvideonode_egl.h:48,
from qsgvideonode_egl.cpp:40:
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/eglplatform.h:118:22:
fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
^
compilation terminated.
Makefile:550: recipe for target '.obj/qsgvideonode_egl.o' failed
[1]: 79ee1b2ff0/include/EGL/eglplatform.h (L109-L125)
[2]: https://bugreports.qt.io/browse/QTBUG-66233
[Peter: simplify logic]
Cc: Julien CORJON <corjon.j@ecagroup.com>
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mesa's EGL/eglplatform.h header includes X11 headers unless the flag
MESA_EGL_NO_X11_HEADERS is defined[1].
A build issue happens when mesa3d is selected as then OpenGL EGL backend
but the XCB library is not selected.
This commit tells qmake to pass the cflag MESA_EGL_NO_X11_HEADERS to
make and prevent from including the missing X headers.
The issue QTBUG-66233 is opened in the Qt tracker[1].
Fixes:
In file included from /home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/egl.h:39:0,
from platform/graphics/opengl/Extensions3DOpenGLES.cpp:33:
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/eglplatform.h:118:22: fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
^
compilation terminated.
Makefile.WebCore.Target:93596: recipe for target '.obj/platform/graphics/opengl/Extensions3DOpenGLES.o' failed
[1]: 79ee1b2ff0/include/EGL/eglplatform.h (L109-L125)
[2]: https://bugreports.qt.io/browse/QTBUG-66233
[Peter: simplify logic]
Cc: Julien CORJON <corjon.j@ecagroup.com>
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mesa's EGL/eglplatform.h header includes X11 headers unless the flag
MESA_EGL_NO_X11_HEADERS is defined[1].
A build issue happens when mesa3d is selected as then OpenGL EGL backend
but the XCB library is not selected.
This commit tells qmake to pass the cflag MESA_EGL_NO_X11_HEADERS to
make and prevent from including the missing X headers.
The issue QTBUG-66233 is opened in the Qt tracker[1].
Fixes:
In file included from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/egl.h:39:0,
from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/qt5/QtEglSupport/5.10.0/QtEglSupport/private/qt_egl_p.h:65,
from
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/qt5/QtEglSupport/5.10.0/QtEglSupport/private/qeglstreamconvenience_p.h:55,
from
../../../../hardwareintegration/compositor/wayland-egl/waylandeglclientbufferintegration.cpp:56:
/home/gportay/src/buildroot/output-qt5.10/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/EGL/eglplatform.h:118:22:
fatal error: X11/Xlib.h: No such file or directory
#include <X11/Xlib.h>
^
compilation terminated.
Makefile:656: recipe for target
'.obj/waylandeglclientbufferintegration.o' failed
make[8]: *** [.obj/waylandeglclientbufferintegration.o] Error 1
[1]: 79ee1b2ff0/include/EGL/eglplatform.h (L109-L125)
[2]: https://bugreports.qt.io/browse/QTBUG-66233
[Peter: simplify logic]
Cc: Julien CORJON <corjon.j@ecagroup.com>
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
boost 1.66 uses pthread_condattr_setclock in
boost/asio/detail/impl/posix_event.ipp.
Boost is mostly a header-only library, in particular the asio stuff.
There are sub-options for the parts of Boost that are not purely
headers, but there are not any sub-options for the parts of Boost that
are just headers.
So, the options are either to add sub-options to Boost, or to make
Boost as a whole only available on NPTL toolchains. The latter is a bit
annoying as it would mean adding this dependency to all Boost reverse
dependencies, even those not using asio.
So, instead of updating boost, add a dependency to
BR2_TOOLCHAIN_HAS_THREADS_NPTL to domoticz. This is the best solution
that can be done today. It's not perfect, but it's good enough.
Fixes:
- http://autobuild.buildroot.net/results/197baa15cbf7f4fc7b3ccc602515af3f375ed68f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-6360: mpv through 0.28.0 allows remote attackers to execute
arbitrary code via a crafted web site, because it reads HTML documents
containing VIDEO elements, and accepts arbitrary URLs in a src attribute
without a protocol whitelist.
[Peter: Add CVE description]
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/2ce/2ce2d9be9e0699114e3bc3c0434ba05f64741f89/
A compile error occurs when attempting to compile mpv with mali support
(eg. when odroid-mali package is selected).
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com>
Signed-off-by: Mahyar Koshkouei <mahyar.koshkouei@gmail.com><br/>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0f9c0bf3d5 did a global replace of $(HOST_DIR)/usr/bin to
$(HOST_DIR)/bin. But later, a new occurrence of $(HOST_DIR)/usr/bin snuck
into the sources via commit 05e306d8d3 which added asterisk.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I am leaving Xilinx so to avoid future bounces update my email address
to my personal email address.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tar 1.30 changed the --numeric-owner output for filenames > 100 characters,
leading to hash mismatches for the tar archives we create ourselves from
git. This is really a fix for a bug in earlier tar versions regarding
deterministic output, so it is unlikely to be reverted in later versions.
For more details, see:
http://lists.busybox.net/pipermail/buildroot/2018-January/211222.html
To work around this issue, blacklist tar 1.30+ similar to how we do it for
pre-1.17 versions so Buildroot falls back to building host-tar.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-{cmake,lzip,xz} needs host-tar to extract their source code tarball, so
we need to ensure that host-tar gets added to DEPENDENCIES_HOST_PREREQ
before these in case they are both needed, otherwise the tools will fail to
extract.
With the upcoming change to blacklist modern tar versions this situation is
likely to trigger more often.
The real solution to this issue is the <foo>_EXTRACT_DEPENDENCIES rework,
but that series is a bit too intrusive to add this close to 2018.02, so
therefore this hack.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_BINFMT_FLAT configurations require the use of elf2flt. However,
PHP uses -export-dynamic which breaks badly with elf2flt. Even a
simple program fails to build:
$ ./output/host/bin/arm-linux-gcc -Wl,-export-dynamic -o toto toto.c
/home/thomas/projets/buildroot/output/host/opt/ext-toolchain/arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: section .junk LMA [0000000000000000,0000000000000027] overlaps section .text LMA [0000000000000000,0000000000006d07]
-export-dynamic is clearly not useful for FLAT configurations, which
are always statically linked, but it's quite a bit of work to change
the PHP build system to use it only conditionall.
It looks more like an interaction bug between gcc (which wants to put
the .text section at address 0x0 in its linker script) and elf2flt,
which wants to put its .junk section (containing the .rel.text stuff)
also at address 0x0.
Fixes (works around) the "section overlap" part of:
http://autobuild.buildroot.net/results/35cbed8927bb10500ecf2816aa728ea240a0be21/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The PHP sockets module now provides access to AI_IDN functionality (by
simply declaring a bunch of constants available from PHP code). AI_IDN
(internationalized domain names) is not supported in uClibc or musl,
which breaks the build.
This commit adds a patch to PHP which makes the use of AI_IDN
conditional, in a way that is identical to what is already done for
AI_ALL. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/ef040cc45bb2789ead82a8c445db3376e36b5ac7/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use "$@" instead of $* to preserve arguments containing spaces.
The shell expands "$@" as "$1" "$2" "$3"... while it expands $@ as $1 $2
$3. With the second form, we loses spaces in positional parameters.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream has code only for those architectures, with no fallback
generic code, so we must restrict zlib-ng to only those four archs...
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: fix typoes in the Config.in option name.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This non ascii character trigger an issue with MakeHeader.py.
./scripts/MakeHeader.py MetersPanel.c
Traceback (most recent call last):
File "./scripts/MakeHeader.py", line 32, in <module>
for line in file.readlines():
File "[...]/output/host/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 956: ordinal not in range(128)
Fixes:
http://autobuild.buildroot.net/results/8ed/8edb78b054a265447fd0e83f67cba5f978be4ed6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 93f080ba0a.
This patch was intended for the next branch, it shouldn't have been
applied to the master branch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This non ascii character trigger an issue with MakeHeader.py.
./scripts/MakeHeader.py MetersPanel.c
Traceback (most recent call last):
File "./scripts/MakeHeader.py", line 32, in <module>
for line in file.readlines():
File "[...]/output/host/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 956: ordinal not in range(128)
Fixes:
http://autobuild.buildroot.net/results/8ed/8edb78b054a265447fd0e83f67cba5f978be4ed6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The script check-bin-arch fails as follows on a config for PowerPC e6500
(64-bit CPU) with BR2_ARCH="powerpc" (32-bit userland desired):
ERROR: architecture for "/lib/modules/..../lib/libcrc32c.ko"
is "PowerPC64", should be "PowerPC"
This situation is perfectly acceptable: the kernel is 64-bit and so are its
modules, even though userland is 32-bit.
To keep check-bin-arch and its caller simple, just skip /lib/modules/
entirely, like is done for /lib/firmware and some others.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
